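I am using Spring Security and Waffle in a Spring Boot application. I have configured Waffle using Spring's Java-based configuration. (See below.)
I have configured Spring Boot to use Tomcat (the default) with SSL, but the problem persists even if I revert to an unencrypted http connection.
If I access the site with Google Chrome, I authenticate correctly, but in IE11 it fails in a strange way. Waffle produces the following log: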
[DEBUG] [http-nio-8443-exec-1] w.s.NegotiateSecurityFilter: - GET /, contentlength: -1
[DEBUG] [http-nio-8443-exec-1] w.s.s.NegotiateSecurityFilterProvider: - security package: Negotiate, connection id: 0:0:0:0:0:0:0:1:52047
[DEBUG] [http-nio-8443-exec-1] w.s.s.NegotiateSecurityFilterProvider: - token buffer: 126 byte(s)
[DEBUG] [http-nio-8443-exec-1] w.s.s.NegotiateSecurityFilterProvider: - continue token: xxxx
[DEBUG] [http-nio-8443-exec-1] w.s.s.NegotiateSecurityFilterProvider: - continue required: true
[DEBUG] [http-nio-8443-exec-6] w.s.NegotiateSecurityFilter: - GET /, contentlength: -1
[DEBUG] [http-nio-8443-exec-6] w.s.s.NegotiateSecurityFilterProvider: - security package: Negotiate, connection id: 0:0:0:0:0:0:0:1:52047
[DEBUG] [http-nio-8443-exec-6] w.s.s.NegotiateSecurityFilterProvider: - token buffer: 121 byte(s)
[DEBUG] [http-nio-8443-exec-6] w.s.s.NegotiateSecurityFilterProvider: - continue token: xxxx
[DEBUG] [http-nio-8443-exec-6] w.s.s.NegotiateSecurityFilterProvider: - continue required: false
[DEBUG] [http-nio-8443-exec-6] w.s.NegotiateSecurityFilter: - logged in user: DOMAIN\username (xxxx)
[DEBUG] [http-nio-8443-exec-6] w.s.NegotiateSecurityFilter: - roles: DOMAIN\username, xxxx, xxxxxxxxxxxxxxxxxx
[INFO ] [http-nio-8443-exec-6] w.s.NegotiateSecurityFilter: - successfully logged in user: DOMAIN\username
[DEBUG] [http-nio-8443-exec-6] w.s.NegotiateSecurityFilter: - GET /, contentlength: -1
[DEBUG] [http-nio-8443-exec-6] w.s.s.NegotiateSecurityFilterProvider: - security package: Negotiate, connection id: 0:0:0:0:0:0:0:1:52047
[DEBUG] [http-nio-8443-exec-6] w.s.s.NegotiateSecurityFilterProvider: - token buffer: 121 byte(s)
[WARN ] [http-nio-8443-exec-6] w.s.NegotiateSecurityFilter: - error logging in user: com.sun.jna.platform.win32.Win32Exception: The token supplied to the function is invalid
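So it looks to me as though authentication succeeds, but for some reason it then tries to authenticate again and fails.
The log when I access the site with Chrome is similar, but after the successful login it shows: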
[DEBUG] [http-nio-8443-exec-1] w.s.NegotiateSecurityFilter: - GET /, contentlength: -1
[DEBUG] [http-nio-8443-exec-1] w.s.NegotiateSecurityFilter: - GET /index.html, contentlength: -1
[DEBUG] [http-nio-8443-exec-1] w.s.NegotiateSecurityFilter: - GET /index.html, contentlength: -1
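...and so on from there.
There also seems to be a timing issue in the IE case. Sometimes it successfully loads some content from the server (fonts, images, etc.) and then suddenly fails again. It is inconsistent: it stops at different places at different times.
Is this a Waffle bug?
My Spring Boot Java-based configuration: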
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import waffle.servlet.spi.BasicSecurityFilterProvider;
import waffle.servlet.spi.NegotiateSecurityFilterProvider;
import waffle.servlet.spi.SecurityFilterProvider;
import waffle.servlet.spi.SecurityFilterProviderCollection;
import waffle.spring.NegotiateSecurityFilter;
import waffle.spring.NegotiateSecurityFilterEntryPoint;
import waffle.windows.auth.impl.WindowsAuthProviderImpl;

@Configuration
public class WaffleConfig {

    // Windows authentication provider shared by the Negotiate and Basic providers.
    @Bean
    public WindowsAuthProviderImpl waffleWindowsAuthProvider() {
        return new WindowsAuthProviderImpl();
    }

    @Bean
    @Autowired
    public NegotiateSecurityFilterProvider negotiateSecurityFilterProvider(
            final WindowsAuthProviderImpl windowsAuthProvider) {
        return new NegotiateSecurityFilterProvider(windowsAuthProvider);
    }

    @Bean
    @Autowired
    public BasicSecurityFilterProvider basicSecurityFilterProvider(
            final WindowsAuthProviderImpl windowsAuthProvider) {
        return new BasicSecurityFilterProvider(windowsAuthProvider);
    }

    // Collection holding both providers, used by the entry point and the filter below.
    @Bean
    @Autowired
    public SecurityFilterProviderCollection waffleSecurityFilterProviderCollection(
            final NegotiateSecurityFilterProvider negotiateSecurityFilterProvider,
            final BasicSecurityFilterProvider basicSecurityFilterProvider) {
        final SecurityFilterProvider[] securityFilterProviders = {
            negotiateSecurityFilterProvider,
            basicSecurityFilterProvider };
        return new SecurityFilterProviderCollection(securityFilterProviders);
    }

    @Bean
    @Autowired
    public NegotiateSecurityFilterEntryPoint negotiateSecurityFilterEntryPoint(
            final SecurityFilterProviderCollection securityFilterProviderCollection) {
        final NegotiateSecurityFilterEntryPoint negotiateSecurityFilterEntryPoint =
                new NegotiateSecurityFilterEntryPoint();
        negotiateSecurityFilterEntryPoint.setProvider(securityFilterProviderCollection);
        return negotiateSecurityFilterEntryPoint;
    }

    @Bean
    @Autowired
    public NegotiateSecurityFilter waffleNegotiateSecurityFilter(
            final SecurityFilterProviderCollection securityFilterProviderCollection) {
        final NegotiateSecurityFilter negotiateSecurityFilter = new NegotiateSecurityFilter();
        negotiateSecurityFilter.setProvider(securityFilterProviderCollection);
        return negotiateSecurityFilter;
    }
}
And:
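import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

import waffle.spring.NegotiateSecurityFilter;
import waffle.spring.NegotiateSecurityFilterEntryPoint;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig {

    @Configuration
    public static class ProductionConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Require authentication everywhere and place the Waffle filter
            // ahead of Spring Security's BasicAuthenticationFilter.
            http
                .authorizeRequests()
                    .anyRequest()
                    .authenticated()
                    .and()
                .addFilterBefore(negotiateSecurityFilter, BasicAuthenticationFilter.class)
                .httpBasic()
                    .authenticationEntryPoint(entryPoint);
        }

        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication().withUser("user").password("pa").roles("USER");
        }

        @Autowired
        private NegotiateSecurityFilter negotiateSecurityFilter;

        @Autowired
        private NegotiateSecurityFilterEntryPoint entryPoint;
    }
}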
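The sequence in the IE11 trace earlier in this post can be checked mechanically. The following is an added example (not part of the original post and not Waffle code) that parses an excerpt of that trace and flags a Negotiate token processed again on the same thread and connection right after a successful login; the function name `find_replays` and the matching on connection id plus token size are assumptions of the example.

```python
import re

# Excerpt of the IE11 trace from the post (values were already redacted there).
IE11_LOG = r"""
[DEBUG] [http-nio-8443-exec-1] w.s.s.NegotiateSecurityFilterProvider: - security package: Negotiate, connection id: 0:0:0:0:0:0:0:1:52047
[DEBUG] [http-nio-8443-exec-1] w.s.s.NegotiateSecurityFilterProvider: - token buffer: 126 byte(s)
[DEBUG] [http-nio-8443-exec-6] w.s.NegotiateSecurityFilter: - GET /, contentlength: -1
[DEBUG] [http-nio-8443-exec-6] w.s.s.NegotiateSecurityFilterProvider: - security package: Negotiate, connection id: 0:0:0:0:0:0:0:1:52047
[DEBUG] [http-nio-8443-exec-6] w.s.s.NegotiateSecurityFilterProvider: - token buffer: 121 byte(s)
[INFO ] [http-nio-8443-exec-6] w.s.NegotiateSecurityFilter: - successfully logged in user: DOMAIN\username
[DEBUG] [http-nio-8443-exec-6] w.s.NegotiateSecurityFilter: - GET /, contentlength: -1
[DEBUG] [http-nio-8443-exec-6] w.s.s.NegotiateSecurityFilterProvider: - security package: Negotiate, connection id: 0:0:0:0:0:0:0:1:52047
[DEBUG] [http-nio-8443-exec-6] w.s.s.NegotiateSecurityFilterProvider: - token buffer: 121 byte(s)
[WARN ] [http-nio-8443-exec-6] w.s.NegotiateSecurityFilter: - error logging in user: com.sun.jna.platform.win32.Win32Exception: The token supplied to the function is invalid
"""

LINE = re.compile(r"\[(\w+)\s*\] \[([^\]]+)\] ([\w.]+): - (.*)")
CONN = re.compile(r"security package: \w+, connection id: (\S+)")
TOKEN = re.compile(r"token buffer: (\d+) byte\(s\)")

def find_replays(log_text):
    """Flag a handshake repeated on a thread right after a successful login."""
    state, findings = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        _level, thread, _logger, msg = m.groups()
        st = state.setdefault(thread, {"conn": None, "size": None, "done": None, "hit": None})
        if c := CONN.search(msg):
            st["conn"] = c.group(1)
        elif t := TOKEN.search(msg):
            st["size"] = int(t.group(1))
            if st["done"] == (st["conn"], st["size"]):
                # Same connection id and token size as the login that just succeeded.
                st["hit"] = {"thread": thread, "connection": st["conn"],
                             "token_bytes": st["size"], "error": None}
                findings.append(st["hit"])
        elif msg.startswith("successfully logged in user"):
            st["done"] = (st["conn"], st["size"])
        elif msg.startswith("error logging in user") and st["hit"]:
            st["hit"]["error"] = msg.split(": ", 1)[1]
            st["done"] = st["hit"] = None
    return findings

if __name__ == "__main__":
    for finding in find_replays(IE11_LOG):
        print(finding)
```

A hit is consistent with the filter running more than once for a single request. In Spring Boot, a `Filter` exposed as a `@Bean` is by default also registered with the servlet container, in addition to any placement made with `addFilterBefore`.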